Avatar of sunhux
sunhux
 asked on

Can we or good to install Ap Struts patches even if we don't run Ap Struts

Q1:
Will the patches install even if we don't use Apache Struts?

Q2:
Is it good practice to install Apache Struts patches even if we don't use
Ap Str?  Perhaps in future someone may install Ap Struts & the IT
Security team doesn't realize it

Q3:
What are the common products that use Ap Str?  IBM Websphere,
Ap webserver?
SecurityApache Web ServerWeb ServersOS Security

Avatar of undefined
Last Comment
btan

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
btan

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
gheist

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
sunhux

ASKER
If I'm not mistaken, from the link of the vulnerability, we're asked to install a newer
release (sort of sub-version) & it's not a patch : if that's the case, then if we have no
Struts running/installed currently, the more we should not install it as we'll end up
having Struts installed (which we don't have in the first place) & this will open us
up to future Struts vulnerabilities.  

From past Apache Struts V2 vulnerabilities, is it usually patches or newer releases
that are provided to address the vulnerabilities?
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Your help has saved me hundreds of hours of internet surfing.
fblack61